Parallelizable Rate-1 Authenticated Encryption from Pseudorandom Functions

  • Kazuhiko Minematsu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8441)


This paper proposes a new scheme for authenticated encryption (AE) which is typically realized as a blockcipher mode of operation. The proposed scheme has attractive features for fast and compact operation. When it is realized with a blockcipher, it requires one blockcipher call to process one input block (i.e. rate-1), and uses the encryption function of the blockcipher for both encryption and decryption. Moreover, the scheme enables one-pass, parallel operation under two-block partition. The proposed scheme thus attains similar characteristics as the seminal OCB mode, without using the inverse blockcipher. The key idea of our proposal is a novel usage of two-round Feistel permutation, where the round functions are derived from the theory of tweakable blockcipher. We also provide basic software results, and describe some ideas on using a non-invertible primitive, such as a keyed hash function.


Authenticated Encryption Blockcipher Mode Pseudorandom Function OCB 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
  2. 2.
    Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality. NIST Special Publication 800-38C (2004), National Institute of Standards and TechnologyGoogle Scholar
  3. 3.
    Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC. NIST Special Publication 800-38D (2007), national Institute of Standards and TechnologyGoogle Scholar
  4. 4.
    Information Technology - Security techniques - Authenticated encryption, ISO/IEC 19772:2009. International Standard ISO/IEC 19772 (2009)Google Scholar
  5. 5.
    Andreeva, E., Bogdanov, A., Luykx, A., Mennink, B., Tischhauser, E., Yasuda, K.: Parallelizable and Authenticated Online Ciphers. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013, Part I. LNCS, vol. 8269, pp. 424–443. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  6. 6.
    Aoki, K., Iwata, T., Yasuda, K.: How Fast Can a Two-Pass Mode Go? A Parallel Deterministic Authenticated Encryption Mode for AES-NI. DIAC 2012: Directions in Authenticated Ciphers (2012),
  7. 7.
    Aoki, K., Yasuda, K.: The Security of the OCB Mode of Operation without the SPRP Assumption. In: Susilo, Reyhanitabar (eds.) [37], pp. 202–220Google Scholar
  8. 8.
    Aumasson, J.P., Bernstein, D.J.: SipHash: A Fast Short-Input PRF. In: Galbraith, S., Nandi, M. (eds.) INDOCRYPT 2012. LNCS, vol. 7668, pp. 489–508. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  9. 9.
    Bellare, M., Goldreich, O., Mityagin, A.: The Power of Verification Queries in Message Authentication and Authenticated Encryption. Cryptology ePrint Archive, Report 2004/309 (2004),
  10. 10.
    Bellare, M., Namprempre, C.: Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531–545. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  11. 11.
    Bellare, M., Rogaway, P., Wagner, D.: The EAX Mode of Operation. In: Roy, Meier (eds.) [36], pp. 389–407Google Scholar
  12. 12.
    Bertoni, G., Daemen, J., Peeters, M., Assche, G.V.: The Keccak SHA-3 submission (January 2011),
  13. 13.
    Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Duplexing the Sponge: Single-Pass Authenticated Encryption and Other Applications. In: Miri, A., Vaudenay, S. (eds.) SAC 2011. LNCS, vol. 7118, pp. 320–337. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  14. 14.
    Chakraborty, D., Sarkar, P.: A general construction of tweakable block ciphers and different modes of operations. IEEE Transactions on Information Theory 54(5), 1991–2006 (2008)CrossRefMathSciNetGoogle Scholar
  15. 15.
    Daemen, J., Rijmen, V.: AES Proposal: Rijndael (1999)Google Scholar
  16. 16.
    Even, S., Mansour, Y.: A Construction of a Cipher From a Single Pseudorandom Permutation. In: Matsumoto, T., Imai, H., Rivest, R.L. (eds.) ASIACRYPT 1991. LNCS, vol. 739, pp. 210–224. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  17. 17.
    Fleischmann, E., Forler, C., Lucks, S.: McOE: A Family of Almost Foolproof On-Line Authenticated Encryption Schemes. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 196–215. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  18. 18.
    Gligor, V.D., Donescu, P.: Fast Encryption and Authentication: XCBC Encryption and XECB Authentication Modes. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 92–108. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  19. 19.
    Gouvêa, C.P.L., López, J.: High Speed Implementation of Authenticated Encryption for the MSP430X Microcontroller. In: Hevia, A., Neven, G. (eds.) LatinCrypt 2012. LNCS, vol. 7533, pp. 288–304. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  20. 20.
    Iwata, T., Kurosawa, K.: OMAC: One-Key CBC MAC. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 129–153. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  21. 21.
    Iwata, T., Yasuda, K.: BTM: A Single-Key, Inverse-Cipher-Free Mode for Deterministic Authenticated Encryption. In: Jacobson Jr., M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 313–330. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  22. 22.
    Jutla, C.S.: Encryption Modes with Almost Free Message Integrity. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 529–544. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  23. 23.
    Krawczyk, H.: The Order of Encryption and Authentication for Protecting Communications (or: How Secure Is SSL?). In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 310–331. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  24. 24.
    Krovetz, T., Rogaway, P.: The Software Performance of Authenticated-Encryption Modes. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 306–327. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  25. 25.
    Liskov, M., Rivest, R.L., Wagner, D.: Tweakable Block Ciphers. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 31–46. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  26. 26.
    Luby, M., Rackoff, C.: How to Construct Pseudorandom Permutations from Pseudorandom Functions. SIAM J. Comput. 17(2), 373–386 (1988)CrossRefMATHMathSciNetGoogle Scholar
  27. 27.
    Lucks, S.: Two-Pass Authenticated Encryption Faster Than Generic Composition. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 284–298. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  28. 28.
    Minematsu, K.: A Short Universal Hash Function from Bit Rotation, and Applications to Blockcipher Modes. In: Susilo, Reyhanitabar (eds.) [37], pp. 221–238Google Scholar
  29. 29.
    Namprempre, C., Rogaway, P., Shrimpton, T.: Reconsidering Generic Composition. DIAC 2013: Directions in Authenticated Ciphers (2013),
  30. 30.
    Osvik, D.A., Bos, J.W., Stefan, D., Canright, D.: Fast Software AES Encryption. In: Hong, S., Iwata, T. (eds.) FSE 2010. LNCS, vol. 6147, pp. 75–93. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  31. 31.
    Paterson, K.: Authenticated Encryption in TLS. DIAC 2013: Directions in Authenticated Ciphers (2013),
  32. 32.
    Rinne, S.: Performance Analysis of Contemporary Light-Weight Cryptographic Algorithms on a Smart Card Microcontroller. SPEED – Software Performance Enhancement for Encryption and Decryption (2007),
  33. 33.
    Rogaway, P.: Efficient Instantiations of Tweakable Blockciphers and Refinements to Modes OCB and PMAC. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 16–31. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  34. 34.
    Rogaway, P.: Nonce-Based Symmetric Encryption. In: Roy, Meier (eds.) [36], pp. 348–359Google Scholar
  35. 35.
    Rogaway, P., Bellare, M., Black, J.: OCB: A block-cipher mode of operation for efficient authenticated encryption. ACM Trans. Inf. Syst. Secur. 6(3), 365–403 (2003)CrossRefGoogle Scholar
  36. 36.
    Roy, B., Meier, W. (eds.): FSE 2004. LNCS, vol. 3017. Springer, Heidelberg (2004)MATHGoogle Scholar
  37. 37.
    Susilo, W., Reyhanitabar, R. (eds.): ProvSec 2013. LNCS, vol. 8209. Springer, Heidelberg (2013)MATHGoogle Scholar
  38. 38.
    Zeng, G., Han, W., He, K.: High Efficiency Feedback Shift Register: σ-LFSR. Cryptology ePrint Archive, Report 2007/114 (2007),
  39. 39.
    Zhang, L., Han, S., Wu, W., Wang, P.: iFeed: the Input-Feed AE Modes. In: Rump Session of FSE 2013 (2013), slides from

Copyright information

© International Association for Cryptologic Research 2014

Authors and Affiliations

  • Kazuhiko Minematsu
    • 1
  1. 1.NEC CorporationJapan

Personalised recommendations